directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Emmanuel Lecharny" <>
Subject Kerberos PDU decoder performances
Date Sat, 16 Jun 2007 00:43:04 GMT
Ok, now that I understand the PDU structure for AS-REQ, I have done a
little perf test on it :
1 000 000 PDU decoded in 38 seconds on my laptop.

Not too bad.

Some possible improvement :
- switch to the LDAP decoder should be possible without a lot of
effort. DER and BER are very closed, and we can modify easily the LDAP
decoder to support DER
- switching to shared-ldap decoder would improve a lot the
performance. For a similar PDU size (less than 255 bytes), and
complexity, we can decode around 200 000 PDUs in shared-ldap (it
depends on which kind of treatment we do with the data, of course).
- there is also one major gain : the current decoder stores the bytes
for each decoded TLV, so for this 240 bytes length PDU,  we are
creating 53 byte array to decoder recursively the TLVs. The total
allocated storage is 1661 bytes long. That means more GC...
- Doing so also allow the PDU to be hand crafted to make the decoder
explode. If, for instance, the first TLV length is 100, we can provide
a TLV which length could be 200000000 bytes length later in the code,
without any problem, but an OOM... As this OOM won't be catched, the
returned error will be a little bit cryptic, I guess.


View raw message